Analysis

  • max time kernel
    141s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    16/01/2025, 14:37 UTC

General

  • Target

    JaffaCakes118_7955ce3d796ca8a03a55d2edefd32f25.exe

  • Size

    381KB

  • MD5

    7955ce3d796ca8a03a55d2edefd32f25

  • SHA1

    5725494c18c0f3f32fcd5a5c01ad8a09e8ee7831

  • SHA256

    aac971e1ff6dcb52dac8ee0749261f8995ebe3c870511e9f3ea291882d6e41b0

  • SHA512

    6e5141863878e855b40c6c95ae6658ef8f6bad01a3f1b127675e6d6d7c3fcf2a2f7d85425388594ff4e80d67e5a7c5d2d78fd630914cba291860c74156b34c08

  • SSDEEP

    6144:P9mIRKIXJMFy/x3gC/j4fGyUFvyuja3Xcbp/jXv7TYJwKumRCBF1CgVAtEPm2/2:715oy/e4j4fGcum3Xct/DYJwKuNLQgVS

Malware Config

Signatures

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

  • Modiloader family
  • UAC bypass 3 TTPs 3 IoCs
  • Windows security bypass 2 TTPs 2 IoCs
  • ModiLoader Second Stage 14 IoCs
  • Executes dropped EXE 3 IoCs
  • Windows security modification 2 TTPs 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Checks whether UAC is enabled 1 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Suspicious use of SetThreadContext 4 IoCs
  • Drops file in Windows directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 44 IoCs
  • System policy modification 1 TTPs 3 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_7955ce3d796ca8a03a55d2edefd32f25.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_7955ce3d796ca8a03a55d2edefd32f25.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2348
    • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_7955ce3d796ca8a03a55d2edefd32f25.exe
      C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_7955ce3d796ca8a03a55d2edefd32f25.exe
      2⤵
      • UAC bypass
      • Windows security bypass
      • Windows security modification
      • Checks whether UAC is enabled
      • Drops file in System32 directory
      • Suspicious use of SetThreadContext
      • System Location Discovery: System Language Discovery
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      • System policy modification
      PID:2360
      • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_7955ce3d796ca8a03a55d2edefd32f25.exe
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_7955ce3d796ca8a03a55d2edefd32f25.exe
        3⤵
        • Checks whether UAC is enabled
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2680
        • C:\Windows\mstwain32.exe
          "C:\Windows\mstwain32.exe" \melt "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_7955ce3d796ca8a03a55d2edefd32f25.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious use of SetThreadContext
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:1756
          • C:\Windows\mstwain32.exe
            C:\Windows\mstwain32.exe \melt "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_7955ce3d796ca8a03a55d2edefd32f25.exe"
            5⤵
            • UAC bypass
            • Windows security bypass
            • Executes dropped EXE
            • Windows security modification
            • Checks whether UAC is enabled
            • Drops file in System32 directory
            • Suspicious use of SetThreadContext
            • Drops file in Windows directory
            • System Location Discovery: System Language Discovery
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            • System policy modification
            PID:1776
            • C:\Windows\mstwain32.exe
              C:\Windows\mstwain32.exe
              6⤵
              • UAC bypass
              • Executes dropped EXE
              • Adds Run key to start application
              • Checks whether UAC is enabled
              • System Location Discovery: System Language Discovery
              • System policy modification
              PID:2124
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
      PID:1700

    Network

    • US
      DNS
      thepiratebay.org
      mstwain32.exe
      Remote address:
      8.8.8.8:53
      Request
      thepiratebay.org
      IN A
      Response
      thepiratebay.org
      IN A
      162.159.136.6
      thepiratebay.org
      IN A
      162.159.137.6
    • US
      GET
      http://thepiratebay.org/top/301
      JaffaCakes118_7955ce3d796ca8a03a55d2edefd32f25.exe
      Remote address:
      162.159.136.6:80
      Request
      GET /top/301 HTTP/1.1
      User-Agent: Moxilla
      Host: thepiratebay.org
      Cache-Control: no-cache
      Response
      HTTP/1.1 301 Moved Permanently
      Date: Thu, 16 Jan 2025 14:37:40 GMT
      Content-Type: text/html
      Content-Length: 167
      Connection: keep-alive
      Cache-Control: max-age=3600
      Expires: Thu, 16 Jan 2025 15:37:40 GMT
      Location: https://thepiratebay.org/top/301
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eo8jl6wSiBIhnZe3%2FeOBEpOmABku0EPuf9vFY1V4dDTdaKdRr%2Fd706kdnztrZDt4Fb6WflghfiZf%2BmV7IC3GVyEB7M%2FOEc%2BEjqHq6Z4S8tNcBhxjsiPpY1FBjasaYZqHLghE"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 902ed8492afb63be-LHR
      alt-svc: h3=":443"; ma=86400
      server-timing: cfL4;desc="?proto=TCP&rtt=27096&min_rtt=27096&rtt_var=13548&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=95&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
    • US
      GET
      http://thepiratebay.org/search.php?q=top100:301
      JaffaCakes118_7955ce3d796ca8a03a55d2edefd32f25.exe
      Remote address:
      162.159.136.6:80
      Request
      GET /search.php?q=top100:301 HTTP/1.1
      User-Agent: Moxilla
      Connection: Keep-Alive
      Cache-Control: no-cache
      Host: thepiratebay.org
      Response
      HTTP/1.1 301 Moved Permanently
      Date: Thu, 16 Jan 2025 14:37:41 GMT
      Content-Type: text/html
      Content-Length: 167
      Connection: keep-alive
      Cache-Control: max-age=3600
      Expires: Thu, 16 Jan 2025 15:37:41 GMT
      Location: https://thepiratebay.org/search.php?q=top100:301
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CLNG2CcmTYMTG38nsqZebsiWXXAtvghl%2FVO0NbAuhDOgvBGemdFDmF46wzaz7iCrrk2m9%2F5M0K9FjZBGCeePZaz%2B0PEiAZ38YOS7Y2aMjWeBgUvo3I3PrgTXj%2BesKtriDq%2Fm"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 902ed84e094d63be-LHR
      alt-svc: h3=":443"; ma=86400
      server-timing: cfL4;desc="?proto=TCP&rtt=27096&min_rtt=27096&rtt_var=13548&sent=4&recv=6&lost=0&retrans=1&sent_bytes=2066&recv_bytes=230&delivery_rate=5773&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
    • US
      GET
      http://thepiratebay.org/top/401
      JaffaCakes118_7955ce3d796ca8a03a55d2edefd32f25.exe
      Remote address:
      162.159.136.6:80
      Request
      GET /top/401 HTTP/1.1
      User-Agent: Moxilla
      Host: thepiratebay.org
      Cache-Control: no-cache
      Response
      HTTP/1.1 301 Moved Permanently
      Date: Thu, 16 Jan 2025 14:37:42 GMT
      Content-Type: text/html
      Content-Length: 167
      Connection: keep-alive
      Cache-Control: max-age=3600
      Expires: Thu, 16 Jan 2025 15:37:42 GMT
      Location: https://thepiratebay.org/top/401
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aFmwb4lOSiF%2B8kK6yHsjibbnD6L7BL%2FObMAbCqs4npK5ZSNWhfEyizJlINaEhFdXomKHG7Qt8jY4WiRYDc9pFbjjUxZ5mJ%2FJmJsPBeeIFqgtFTYHZsQqD19RduZ5fk3Ey7Db"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 902ed8520e5163be-LHR
      alt-svc: h3=":443"; ma=86400
      server-timing: cfL4;desc="?proto=TCP&rtt=51678&min_rtt=27096&rtt_var=59326&sent=5&recv=8&lost=0&retrans=1&sent_bytes=3122&recv_bytes=325&delivery_rate=6064&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
    • US
      GET
      http://thepiratebay.org/search.php?q=top100:401
      JaffaCakes118_7955ce3d796ca8a03a55d2edefd32f25.exe
      Remote address:
      162.159.136.6:80
      Request
      GET /search.php?q=top100:401 HTTP/1.1
      User-Agent: Moxilla
      Connection: Keep-Alive
      Cache-Control: no-cache
      Host: thepiratebay.org
      Response
      HTTP/1.1 301 Moved Permanently
      Date: Thu, 16 Jan 2025 14:37:42 GMT
      Content-Type: text/html
      Content-Length: 167
      Connection: keep-alive
      Cache-Control: max-age=3600
      Expires: Thu, 16 Jan 2025 15:37:42 GMT
      Location: https://thepiratebay.org/search.php?q=top100:401
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FRmBKNf0JnS1wiAfbMMtHYYGW4V%2B7VsUvtO%2B2I2p3Dv3nUPA%2BVzceIV0IG05AOtYZgHNknSMlGb3oefwmZaDZ1wnLdqv4alYRUJ196bNTP3bm8rENWNXDkaBDuJhNScYUeHm"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 902ed853882563be-LHR
      alt-svc: h3=":443"; ma=86400
      server-timing: cfL4;desc="?proto=TCP&rtt=73975&min_rtt=27096&rtt_var=89088&sent=6&recv=10&lost=0&retrans=1&sent_bytes=4158&recv_bytes=460&delivery_rate=6064&cwnd=252&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
    • US
      GET
      https://thepiratebay.org/top/301
      JaffaCakes118_7955ce3d796ca8a03a55d2edefd32f25.exe
      Remote address:
      162.159.136.6:443
      Request
      GET /top/301 HTTP/1.1
      User-Agent: Moxilla
      Connection: Keep-Alive
      Cache-Control: no-cache
      Host: thepiratebay.org
      Response
      HTTP/1.1 302 Moved Temporarily
      Date: Thu, 16 Jan 2025 14:37:41 GMT
      Content-Type: text/html
      Transfer-Encoding: chunked
      Connection: keep-alive
      Location: http://thepiratebay.org/search.php?q=top100:301
      cf-cache-status: DYNAMIC
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M9%2FD98Sg8%2FUAF%2BKVCiWzQW3i0NZ9EvK2ApEAYDExHZJw0T3IGhFUyRj98wlWu%2FdKgwItKB7aKu7jgMFyL1Haau81pKpVh8syRhu53LQ%2FSLuBfH0l9nhbDSki0sdDTUUOAm2C"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 902ed84bbc70ef0d-LHR
      alt-svc: h3=":443"; ma=86400
      server-timing: cfL4;desc="?proto=TCP&rtt=54286&min_rtt=26200&rtt_var=56970&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3149&recv_bytes=441&delivery_rate=129525&cwnd=253&unsent_bytes=0&cid=5c6d16f8762af8cc&ts=610&x=0"
    • US
      GET
      https://thepiratebay.org/search.php?q=top100:301
      JaffaCakes118_7955ce3d796ca8a03a55d2edefd32f25.exe
      Remote address:
      162.159.136.6:443
      Request
      GET /search.php?q=top100:301 HTTP/1.1
      User-Agent: Moxilla
      Connection: Keep-Alive
      Cache-Control: no-cache
      Host: thepiratebay.org
      Response
      HTTP/1.1 200 OK
      Date: Thu, 16 Jan 2025 14:37:42 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Vary: Accept-Encoding
      Vary: Accept-Encoding
      Vary: Accept-Encoding
      Expires: Sat, 18 Jan 2025 14:37:41 GMT
      Cache-Control: max-age=172800
      cf-cache-status: DYNAMIC
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PUHyHvGdV7ow57%2FraoCpKmTclXtkA7i1yBXeTQ%2BIIUvUsWXZCXDsI4kmHEpkSCG1TRXGEnosolCPGI436jd7tgDjBx7ESlMxPIm%2BetHfe%2Fm0cjPB1WyeRgHyGjqnFDTfDI6D"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 902ed84e4ee8ef0d-LHR
      alt-svc: h3=":443"; ma=86400
      server-timing: cfL4;desc="?proto=TCP&rtt=50849&min_rtt=26200&rtt_var=49602&sent=9&recv=9&lost=0&retrans=0&sent_bytes=4219&recv_bytes=605&delivery_rate=129525&cwnd=255&unsent_bytes=0&cid=5c6d16f8762af8cc&ts=1244&x=0"
    • US
      GET
      https://thepiratebay.org/top/401
      JaffaCakes118_7955ce3d796ca8a03a55d2edefd32f25.exe
      Remote address:
      162.159.136.6:443
      Request
      GET /top/401 HTTP/1.1
      User-Agent: Moxilla
      Connection: Keep-Alive
      Cache-Control: no-cache
      Host: thepiratebay.org
      Response
      HTTP/1.1 302 Moved Temporarily
      Date: Thu, 16 Jan 2025 14:37:42 GMT
      Content-Type: text/html
      Transfer-Encoding: chunked
      Connection: keep-alive
      Location: http://thepiratebay.org/search.php?q=top100:401
      cf-cache-status: DYNAMIC
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DEgVuxnwcs5KzZJijwrvSQgVtW%2B7h%2FrpHbV3PI4pUou%2BWOEFYdQp5qjBmAD6WKd8%2BSHTZdNnE8zC9BgiDl7GqElZHmnJD6gSTNN%2BYBme%2BGuEjE%2FmkPrOvs4hSdIWMFgmdI6T"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 902ed8523f03ef0d-LHR
      alt-svc: h3=":443"; ma=86400
      server-timing: cfL4;desc="?proto=TCP&rtt=42880&min_rtt=26200&rtt_var=32857&sent=16&recv=13&lost=0&retrans=0&sent_bytes=9246&recv_bytes=753&delivery_rate=299878&cwnd=257&unsent_bytes=0&cid=5c6d16f8762af8cc&ts=1488&x=0"
    • US
      GET
      https://thepiratebay.org/search.php?q=top100:401
      JaffaCakes118_7955ce3d796ca8a03a55d2edefd32f25.exe
      Remote address:
      162.159.136.6:443
      Request
      GET /search.php?q=top100:401 HTTP/1.1
      User-Agent: Moxilla
      Connection: Keep-Alive
      Cache-Control: no-cache
      Host: thepiratebay.org
      Response
      HTTP/1.1 200 OK
      Date: Thu, 16 Jan 2025 14:37:42 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Vary: Accept-Encoding
      Vary: Accept-Encoding
      Vary: Accept-Encoding
      Expires: Sat, 18 Jan 2025 14:37:42 GMT
      Cache-Control: max-age=172800
      cf-cache-status: DYNAMIC
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=igWNzVMtPIE1ut6Ymp18zCW%2FwyV6gzOaxUUaRPrP9Oqk36x84%2FshAsdcegEmaelnkxOUhM9zCfh6FnTN7RVVCGHk4PWutcRG81%2FhXI0Tkg1lTt82VP3iWUWeXKCYYKEOxMCI"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 902ed853cc48ef0d-LHR
      alt-svc: h3=":443"; ma=86400
      server-timing: cfL4;desc="?proto=TCP&rtt=41066&min_rtt=26200&rtt_var=28272&sent=19&recv=15&lost=0&retrans=0&sent_bytes=10323&recv_bytes=917&delivery_rate=299878&cwnd=257&unsent_bytes=0&cid=5c6d16f8762af8cc&ts=2125&x=0"
    • US
      DNS
      c.pki.goog
      JaffaCakes118_7955ce3d796ca8a03a55d2edefd32f25.exe
      Remote address:
      8.8.8.8:53
      Request
      c.pki.goog
      IN A
      Response
      c.pki.goog
      IN CNAME
      pki-goog.l.google.com
      pki-goog.l.google.com
      IN A
      142.250.178.3
    • GB
      GET
      http://c.pki.goog/r/gsr1.crl
      JaffaCakes118_7955ce3d796ca8a03a55d2edefd32f25.exe
      Remote address:
      142.250.178.3:80
      Request
      GET /r/gsr1.crl HTTP/1.1
      Connection: Keep-Alive
      Accept: */*
      User-Agent: Microsoft-CryptoAPI/6.1
      Host: c.pki.goog
      Response
      HTTP/1.1 200 OK
      Accept-Ranges: bytes
      Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
      Cross-Origin-Resource-Policy: cross-origin
      Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
      Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
      Content-Length: 1739
      X-Content-Type-Options: nosniff
      Server: sffe
      X-XSS-Protection: 0
      Date: Thu, 16 Jan 2025 14:10:33 GMT
      Expires: Thu, 16 Jan 2025 15:00:33 GMT
      Cache-Control: public, max-age=3000
      Age: 1627
      Last-Modified: Tue, 07 Jan 2025 07:28:00 GMT
      Content-Type: application/pkix-crl
      Vary: Accept-Encoding
    • GB
      GET
      http://c.pki.goog/r/r4.crl
      JaffaCakes118_7955ce3d796ca8a03a55d2edefd32f25.exe
      Remote address:
      142.250.178.3:80
      Request
      GET /r/r4.crl HTTP/1.1
      Connection: Keep-Alive
      Accept: */*
      User-Agent: Microsoft-CryptoAPI/6.1
      Host: c.pki.goog
      Response
      HTTP/1.1 200 OK
      Accept-Ranges: bytes
      Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
      Cross-Origin-Resource-Policy: cross-origin
      Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
      Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
      Content-Length: 436
      X-Content-Type-Options: nosniff
      Server: sffe
      X-XSS-Protection: 0
      Date: Thu, 16 Jan 2025 14:10:33 GMT
      Expires: Thu, 16 Jan 2025 15:00:33 GMT
      Cache-Control: public, max-age=3000
      Age: 1628
      Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
      Content-Type: application/pkix-crl
      Vary: Accept-Encoding
    • US
      GET
      http://thepiratebay.org/top/301
      mstwain32.exe
      Remote address:
      162.159.136.6:80
      Request
      GET /top/301 HTTP/1.1
      User-Agent: Moxilla
      Host: thepiratebay.org
      Cache-Control: no-cache
      Response
      HTTP/1.1 301 Moved Permanently
      Date: Thu, 16 Jan 2025 14:37:53 GMT
      Content-Type: text/html
      Content-Length: 167
      Connection: keep-alive
      Cache-Control: max-age=3600
      Expires: Thu, 16 Jan 2025 15:37:53 GMT
      Location: https://thepiratebay.org/top/301
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fMpVw%2BVoI5cTTXCq6g9%2Bbyq7jobO6%2FvhdmgUkwzcrQhrIBb0GYFTCb1VbHhpoGM9MAguEAbIMM4w5AXJkoHP0Wcrrb2aOrM6Rn%2BD7tymDn0KBpZBOptkjToUPVUvVZ%2FAYifa"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 902ed89adb4a76ed-LHR
      alt-svc: h3=":443"; ma=86400
      server-timing: cfL4;desc="?proto=TCP&rtt=27177&min_rtt=27177&rtt_var=13588&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=95&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
    • US
      GET
      http://thepiratebay.org/search.php?q=top100:301
      mstwain32.exe
      Remote address:
      162.159.136.6:80
      Request
      GET /search.php?q=top100:301 HTTP/1.1
      User-Agent: Moxilla
      Connection: Keep-Alive
      Cache-Control: no-cache
      Host: thepiratebay.org
      Response
      HTTP/1.1 301 Moved Permanently
      Date: Thu, 16 Jan 2025 14:37:57 GMT
      Content-Type: text/html
      Content-Length: 167
      Connection: keep-alive
      Cache-Control: max-age=3600
      Expires: Thu, 16 Jan 2025 15:37:57 GMT
      Location: https://thepiratebay.org/search.php?q=top100:301
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NTzI9bmOMPyjP1KPeeCyhYF8GbHtpR0uZZ42TOc%2B4XA%2FBbWDMIEN3sU95WS%2B5WNqSWqahpG%2BrAEOvwG85LAhXyme82gYt5Zwd521XtZ2TrUCRpSHYm02sd9gOhhCpwikzBWg"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 902ed8b10b4e76ed-LHR
      alt-svc: h3=":443"; ma=86400
      server-timing: cfL4;desc="?proto=TCP&rtt=52597&min_rtt=27177&rtt_var=61032&sent=2&recv=5&lost=0&retrans=0&sent_bytes=1033&recv_bytes=230&delivery_rate=5886&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
    • US
      GET
      http://thepiratebay.org/top/401
      mstwain32.exe
      Remote address:
      162.159.136.6:80
      Request
      GET /top/401 HTTP/1.1
      User-Agent: Moxilla
      Host: thepiratebay.org
      Cache-Control: no-cache
      Response
      HTTP/1.1 301 Moved Permanently
      Date: Thu, 16 Jan 2025 14:37:57 GMT
      Content-Type: text/html
      Content-Length: 167
      Connection: keep-alive
      Cache-Control: max-age=3600
      Expires: Thu, 16 Jan 2025 15:37:57 GMT
      Location: https://thepiratebay.org/top/401
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cfLp0Js2qKnkMZmr566gZ3uvWo853Uvny9ROQ1f7vLue2UcUQiyIzyYJPot6eEIZnC2de4xPHE7npBYpdsMbIS92JGBCQmqniuzxRa4uXjWaQ%2FQ51IxXylKHVKKFr4OSxY90"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 902ed8b50fbb76ed-LHR
      alt-svc: h3=":443"; ma=86400
      server-timing: cfL4;desc="?proto=TCP&rtt=75403&min_rtt=27177&rtt_var=91385&sent=3&recv=7&lost=0&retrans=0&sent_bytes=2087&recv_bytes=325&delivery_rate=5886&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
    • US
      GET
      http://thepiratebay.org/search.php?q=top100:401
      mstwain32.exe
      Remote address:
      162.159.136.6:80
      Request
      GET /search.php?q=top100:401 HTTP/1.1
      User-Agent: Moxilla
      Connection: Keep-Alive
      Cache-Control: no-cache
      Host: thepiratebay.org
      Response
      HTTP/1.1 301 Moved Permanently
      Date: Thu, 16 Jan 2025 14:37:58 GMT
      Content-Type: text/html
      Content-Length: 167
      Connection: keep-alive
      Cache-Control: max-age=3600
      Expires: Thu, 16 Jan 2025 15:37:58 GMT
      Location: https://thepiratebay.org/search.php?q=top100:401
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EzdsR6Xdo2Bn%2B7C2rMKXcjphfuHnA9P5f%2B9D5DLPsWmvjleywIk0he4bxa4B3Layl1PyDSL5s06DpNbrh4tKc26oAe1f8A19k7n0ayRz6dBgC1Ux5JfntH1O5W76CdQyfYeo"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 902ed8b6899d76ed-LHR
      alt-svc: h3=":443"; ma=86400
      server-timing: cfL4;desc="?proto=TCP&rtt=94485&min_rtt=27177&rtt_var=106704&sent=4&recv=8&lost=0&retrans=0&sent_bytes=3119&recv_bytes=460&delivery_rate=5950&cwnd=252&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
    • US
      GET
      https://thepiratebay.org/top/301
      mstwain32.exe
      Remote address:
      162.159.136.6:443
      Request
      GET /top/301 HTTP/1.1
      User-Agent: Moxilla
      Connection: Keep-Alive
      Cache-Control: no-cache
      Host: thepiratebay.org
      Response
      HTTP/1.1 302 Moved Temporarily
      Date: Thu, 16 Jan 2025 14:37:57 GMT
      Content-Type: text/html
      Transfer-Encoding: chunked
      Connection: keep-alive
      Location: http://thepiratebay.org/search.php?q=top100:301
      cf-cache-status: DYNAMIC
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yIs%2BsS1V%2BkxbyHXe2bW23hGXxPS%2B0qlQHNHr8qqQgmqF6vSMfr6dqPmxfhkc3r%2BfdOFQATGtHIVIj7FNz2KRja9U2KbBB9pxTeX0KJBN%2BwZFRiZUxr2dk9CRtvhGMiGe%2Faq8"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 902ed8aebbb776b9-LHR
      alt-svc: h3=":443"; ma=86400
      server-timing: cfL4;desc="?proto=TCP&rtt=31836&min_rtt=26292&rtt_var=16290&sent=6&recv=6&lost=0&retrans=0&sent_bytes=3149&recv_bytes=441&delivery_rate=130896&cwnd=253&unsent_bytes=0&cid=d6970f0b571a9ea7&ts=444&x=0"
    • US
      GET
      https://thepiratebay.org/search.php?q=top100:301
      mstwain32.exe
      Remote address:
      162.159.136.6:443
      Request
      GET /search.php?q=top100:301 HTTP/1.1
      User-Agent: Moxilla
      Connection: Keep-Alive
      Cache-Control: no-cache
      Host: thepiratebay.org
      Response
      HTTP/1.1 200 OK
      Date: Thu, 16 Jan 2025 14:37:57 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Vary: Accept-Encoding
      Vary: Accept-Encoding
      Vary: Accept-Encoding
      Expires: Sat, 18 Jan 2025 14:37:57 GMT
      Cache-Control: max-age=172800
      cf-cache-status: DYNAMIC
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HY%2FZfgmNs8RidXVQlVxPDGiEpunXIpWwN4MmSqsqdEFDizW4AI4LpCD4JspkniMiUEOa1y7GBRHMMDSXz0o5jHogKVPUa4VfPuP6fQ8IUInCLnwf5UlisxjoWWJB6bj%2BUErk"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 902ed8b14e9f76b9-LHR
      alt-svc: h3=":443"; ma=86400
      server-timing: cfL4;desc="?proto=TCP&rtt=31154&min_rtt=26292&rtt_var=13582&sent=9&recv=8&lost=0&retrans=0&sent_bytes=4221&recv_bytes=605&delivery_rate=130896&cwnd=255&unsent_bytes=0&cid=d6970f0b571a9ea7&ts=1091&x=0"
    • US
      GET
      https://thepiratebay.org/top/401
      mstwain32.exe
      Remote address:
      162.159.136.6:443
      Request
      GET /top/401 HTTP/1.1
      User-Agent: Moxilla
      Connection: Keep-Alive
      Cache-Control: no-cache
      Host: thepiratebay.org
      Response
      HTTP/1.1 302 Moved Temporarily
      Date: Thu, 16 Jan 2025 14:37:58 GMT
      Content-Type: text/html
      Transfer-Encoding: chunked
      Connection: keep-alive
      Location: http://thepiratebay.org/search.php?q=top100:401
      cf-cache-status: DYNAMIC
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nlngIbdSC5Fcm5fdEMT2HxHOcAua%2F6jxdm1uqiZkXTKapvZx7BoLhSPsrVSDCYX9itBWkkevvXPIHInN2MBXx22IkRRGGgHpLpMSqF68ly26afzwr7iyF%2B79fu7FitWW2Iq7"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 902ed8b54bf876b9-LHR
      alt-svc: h3=":443"; ma=86400
      server-timing: cfL4;desc="?proto=TCP&rtt=33576&min_rtt=26292&rtt_var=13806&sent=17&recv=12&lost=0&retrans=0&sent_bytes=9244&recv_bytes=753&delivery_rate=304316&cwnd=257&unsent_bytes=0&cid=d6970f0b571a9ea7&ts=1327&x=0"
    • US
      GET
      https://thepiratebay.org/search.php?q=top100:401
      mstwain32.exe
      Remote address:
      162.159.136.6:443
      Request
      GET /search.php?q=top100:401 HTTP/1.1
      User-Agent: Moxilla
      Connection: Keep-Alive
      Cache-Control: no-cache
      Host: thepiratebay.org
      Response
      HTTP/1.1 200 OK
      Date: Thu, 16 Jan 2025 14:37:58 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Vary: Accept-Encoding
      Vary: Accept-Encoding
      Vary: Accept-Encoding
      Expires: Sat, 18 Jan 2025 14:37:58 GMT
      Cache-Control: max-age=172800
      cf-cache-status: DYNAMIC
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eH2WYAAU17MS%2Frk98g%2BFg61J4xxGmU1plB24fyIHHMCxLnNdbHk54Y5F1wOnZW7KsL7yJXeJI2dxe1GEdlYrjkdHJar5xX%2BnNof7491xeVvBT%2FXTdWVCMCsHyB2x%2FtffXtHd"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 902ed8b6bd8576b9-LHR
      alt-svc: h3=":443"; ma=86400
      server-timing: cfL4;desc="?proto=TCP&rtt=32639&min_rtt=26037&rtt_var=12228&sent=20&recv=14&lost=0&retrans=0&sent_bytes=10311&recv_bytes=917&delivery_rate=304316&cwnd=257&unsent_bytes=0&cid=d6970f0b571a9ea7&ts=1961&x=0"
    • US
      DNS
      salihzeki42.no-ip.org
      Remote address:
      8.8.8.8:53
      Request
      salihzeki42.no-ip.org
      IN A
      Response
    • US
      DNS
      crl.microsoft.com
      Remote address:
      8.8.8.8:53
      Request
      crl.microsoft.com
      IN A
      Response
      crl.microsoft.com
      IN CNAME
      crl.www.ms.akadns.net
      crl.www.ms.akadns.net
      IN CNAME
      a1363.dscg.akamai.net
      a1363.dscg.akamai.net
      IN A
      2.19.252.143
      a1363.dscg.akamai.net
      IN A
      2.19.252.157
    • GB
      GET
      http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
      Remote address:
      2.19.252.143:80
      Request
      GET /pki/crl/products/MicRooCerAut2011_2011_03_22.crl HTTP/1.1
      Connection: Keep-Alive
      Accept: */*
      If-Modified-Since: Thu, 11 Jul 2024 01:45:51 GMT
      User-Agent: Microsoft-CryptoAPI/6.1
      Host: crl.microsoft.com
      Response
      HTTP/1.1 200 OK
      Content-Length: 1036
      Content-Type: application/octet-stream
      Content-MD5: +oTkvMkqpdtzWrUHEQQM3g==
      Last-Modified: Thu, 12 Dec 2024 00:06:56 GMT
      ETag: 0x8DD1A40E476D877
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 346168ca-101e-0054-5d36-4c18bd000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Thu, 16 Jan 2025 14:38:12 GMT
      Connection: keep-alive
    • US
      DNS
      www.microsoft.com
      Remote address:
      8.8.8.8:53
      Request
      www.microsoft.com
      IN A
      Response
      www.microsoft.com
      IN CNAME
      www.microsoft.com-c-3.edgekey.net
      www.microsoft.com-c-3.edgekey.net
      IN CNAME
      www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
      www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
      IN CNAME
      e13678.dscb.akamaiedge.net
      e13678.dscb.akamaiedge.net
      IN A
      95.100.245.144
    • GB
      GET
      http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl
      Remote address:
      95.100.245.144:80
      Request
      GET /pkiops/crl/MicCodSigPCA2011_2011-07-08.crl HTTP/1.1
      Connection: Keep-Alive
      Accept: */*
      If-Modified-Since: Sun, 18 Aug 2024 00:23:49 GMT
      User-Agent: Microsoft-CryptoAPI/6.1
      Host: www.microsoft.com
      Response
      HTTP/1.1 200 OK
      Content-Length: 1078
      Content-Type: application/octet-stream
      Content-MD5: HqJzZuA065RHozzmOcAUiQ==
      Last-Modified: Tue, 14 Jan 2025 20:41:31 GMT
      ETag: 0x8DD34DBD43549F4
      x-ms-request-id: e1a81062-701e-0052-0dc9-662b02000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Thu, 16 Jan 2025 14:38:12 GMT
      Connection: keep-alive
      TLS_version: UNKNOWN
      ms-cv: CASMicrosoftCV93f3d6fb.0
      ms-cv-esi: CASMicrosoftCV93f3d6fb.0
      X-RTag: RT
    • 162.159.136.6:80
      http://thepiratebay.org/search.php?q=top100:401
      http
      JaffaCakes118_7955ce3d796ca8a03a55d2edefd32f25.exe
      1.0kB
      5.5kB
      12
      8

      HTTP Request: GET http://thepiratebay.org/top/301
      HTTP Response: 301
      HTTP Request: GET http://thepiratebay.org/search.php?q=top100:301
      HTTP Response: 301
      HTTP Request: GET http://thepiratebay.org/top/401
      HTTP Response: 301
      HTTP Request: GET http://thepiratebay.org/search.php?q=top100:401
      HTTP Response: 301
    • 162.159.136.6:443
      https://thepiratebay.org/search.php?q=top100:401
      tls, http
      JaffaCakes118_7955ce3d796ca8a03a55d2edefd32f25.exe
      1.8kB
      16.4kB
      19
      27

      HTTP Request: GET https://thepiratebay.org/top/301
      HTTP Response: 302
      HTTP Request: GET https://thepiratebay.org/search.php?q=top100:301
      HTTP Response: 200
      HTTP Request: GET https://thepiratebay.org/top/401
      HTTP Response: 302
      HTTP Request: GET https://thepiratebay.org/search.php?q=top100:401
      HTTP Response: 200
    • 142.250.178.3:80
      http://c.pki.goog/r/r4.crl
      http
      JaffaCakes118_7955ce3d796ca8a03a55d2edefd32f25.exe
      606 B
      5.0kB
      8
      6

      HTTP Request: GET http://c.pki.goog/r/gsr1.crl
      HTTP Response: 200
      HTTP Request: GET http://c.pki.goog/r/r4.crl
      HTTP Response: 200
    • 162.159.136.6:80
      http://thepiratebay.org/search.php?q=top100:401
      http
      mstwain32.exe
      898 B
      4.4kB
      10
      6

      HTTP Request: GET http://thepiratebay.org/top/301
      HTTP Response: 301
      HTTP Request: GET http://thepiratebay.org/search.php?q=top100:301
      HTTP Response: 301
      HTTP Request: GET http://thepiratebay.org/top/401
      HTTP Response: 301
      HTTP Request: GET http://thepiratebay.org/search.php?q=top100:401
      HTTP Response: 301
    • 162.159.136.6:443
      https://thepiratebay.org/search.php?q=top100:401
      tls, http
      mstwain32.exe
      1.8kB
      16.5kB
      20
      29

      HTTP Request: GET https://thepiratebay.org/top/301
      HTTP Response: 302
      HTTP Request: GET https://thepiratebay.org/search.php?q=top100:301
      HTTP Response: 200
      HTTP Request: GET https://thepiratebay.org/top/401
      HTTP Response: 302
      HTTP Request: GET https://thepiratebay.org/search.php?q=top100:401
      HTTP Response: 200
    • 2.19.252.143:80
      http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
      http
      399 B
      1.7kB
      4
      4

      HTTP Request: GET http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
      HTTP Response: 200
    • 95.100.245.144:80
      http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl
      http
      393 B
      1.7kB
      4
      4

      HTTP Request: GET http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl
      HTTP Response: 200
    • 8.8.8.8:53
      thepiratebay.org
      dns
      mstwain32.exe
      62 B
      94 B
      1
      1

      DNS Request: thepiratebay.org
      DNS Response: 162.159.136.6, 162.159.137.6

    • 8.8.8.8:53
      c.pki.goog
      dns
      JaffaCakes118_7955ce3d796ca8a03a55d2edefd32f25.exe
      56 B
      107 B
      1
      1

      DNS Request: c.pki.goog
      DNS Response: 142.250.178.3

    • 8.8.8.8:53
      salihzeki42.no-ip.org
      dns
      67 B
      127 B
      1
      1

      DNS Request: salihzeki42.no-ip.org

    • 8.8.8.8:53
      crl.microsoft.com
      dns
      63 B
      162 B
      1
      1

      DNS Request: crl.microsoft.com
      DNS Response: 2.19.252.143, 2.19.252.157

    • 8.8.8.8:53
      www.microsoft.com
      dns
      63 B
      230 B
      1
      1

      DNS Request: www.microsoft.com
      DNS Response: 95.100.245.144

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12

      Filesize

      1KB

      MD5

      c9be626e9715952e9b70f92f912b9787

      SHA1

      aa2e946d9ad9027172d0d321917942b7562d6abe

      SHA256

      c13e8d22800c200915f87f71c31185053e4e60ca25de2e41e160e09cd2d815d4

      SHA512

      7581b7c593785380e9db3ae760af85c1a889f607a3cd2aa5a2695a0e5a0fe8ee751578e88f7d8c997faeda804e2fc2655d859bee2832eace526ed4379edaa3f5

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B46811C17859FFB409CF0E904A4AA8F8

      Filesize

      436B

      MD5

      971c514f84bba0785f80aa1c23edfd79

      SHA1

      732acea710a87530c6b08ecdf32a110d254a54c8

      SHA256

      f157ed17fcaf8837fa82f8b69973848c9b10a02636848f995698212a08f31895

      SHA512

      43dc1425d80e170c645a3e3bb56da8c3acd31bd637329e9e37094ac346ac85434df4edcdbefc05ae00aea33a80a88e2af695997a495611217fe6706075a63c58

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12

      Filesize

      174B

      MD5

      3d9b18549c1b48f6a8e5a1bb3b460a58

      SHA1

      64f801964dd558fdff8f7e1c9a33fdc9a5dfa4a8

      SHA256

      a0f98fe18edc6701b6bc76760d673a1e3b561a984a67a5343dd827cc281501c1

      SHA512

      b9c0c7dc941298ab191a6a311cebaea371228f26d57f05339d571d9fbceca0a80ccd753e47700280aecd80b10923b9b33b232fdb1eccffaa32f3cf305fe7627a

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8

      Filesize

      170B

      MD5

      559318947122e5153ad46b91cde3864b

      SHA1

      4dc63f074fec06d1ae8994506aef613e516af441

      SHA256

      15bf20a3275e1d57e8fa94655521a572b94ccb1f8cfeff9d61520d7f0b34e6c6

      SHA512

      f2d9a2a68ed48d64353a2fc7fca73995e6878e2125b28e0a622b7154c54f554b33f7daea2ed79e69ade15738cdd6402888048995253f35b936f8b7cbf0ef66fe

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8452S9S3\301[1].htm

      Filesize

      167B

      MD5

      0104c301c5e02bd6148b8703d19b3a73

      SHA1

      7436e0b4b1f8c222c38069890b75fa2baf9ca620

      SHA256

      446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f

      SHA512

      84427b656a6234a651a6d8285c103645b861a18a6c5af4abb5cb4f3beb5a4f0df4a74603a0896c7608790fbb886dc40508e92d5709f44dca05dd46c8316d15bf

    • C:\Users\Admin\AppData\Local\Temp\Cab2C7D.tmp

      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    • C:\Windows\mstwain32.exe

      Filesize

      381KB

      MD5

      7955ce3d796ca8a03a55d2edefd32f25

      SHA1

      5725494c18c0f3f32fcd5a5c01ad8a09e8ee7831

      SHA256

      aac971e1ff6dcb52dac8ee0749261f8995ebe3c870511e9f3ea291882d6e41b0

      SHA512

      6e5141863878e855b40c6c95ae6658ef8f6bad01a3f1b127675e6d6d7c3fcf2a2f7d85425388594ff4e80d67e5a7c5d2d78fd630914cba291860c74156b34c08

    • memory/1756-74-0x0000000000400000-0x000000000046A000-memory.dmp

      Filesize

      424KB

    • memory/1756-89-0x0000000000400000-0x000000000046A000-memory.dmp

      Filesize

      424KB

    • memory/1756-90-0x0000000000400000-0x000000000046A000-memory.dmp

      Filesize

      424KB

    • memory/1776-128-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2124-131-0x0000000000400000-0x000000000044B000-memory.dmp

      Filesize

      300KB

    • memory/2124-130-0x0000000000400000-0x000000000044B000-memory.dmp

      Filesize

      300KB

    • memory/2348-16-0x0000000002020000-0x000000000208A000-memory.dmp

      Filesize

      424KB

    • memory/2348-157-0x0000000002020000-0x000000000208A000-memory.dmp

      Filesize

      424KB

    • memory/2348-1-0x0000000000320000-0x0000000000322000-memory.dmp

      Filesize

      8KB

    • memory/2348-0-0x0000000000400000-0x000000000046A000-memory.dmp

      Filesize

      424KB

    • memory/2348-13-0x0000000000400000-0x000000000046A000-memory.dmp

      Filesize

      424KB

    • memory/2348-15-0x0000000000400000-0x000000000046A000-memory.dmp

      Filesize

      424KB

    • memory/2360-40-0x0000000003D20000-0x0000000003D8A000-memory.dmp

      Filesize

      424KB

    • memory/2360-2-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2360-57-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2360-4-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2360-10-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

      Filesize

      4KB

    • memory/2360-17-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2360-9-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2360-6-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2680-49-0x0000000000400000-0x000000000044B000-memory.dmp

      Filesize

      300KB

    • memory/2680-43-0x0000000000400000-0x000000000044B000-memory.dmp

      Filesize

      300KB

    • memory/2680-50-0x0000000000400000-0x000000000044B000-memory.dmp

      Filesize

      300KB

    • memory/2680-72-0x0000000003A80000-0x0000000003AEA000-memory.dmp

      Filesize

      424KB

    • memory/2680-67-0x0000000000400000-0x000000000044B000-memory.dmp

      Filesize

      300KB

    • memory/2680-54-0x0000000000400000-0x000000000044B000-memory.dmp

      Filesize

      300KB

    • memory/2680-51-0x0000000000400000-0x000000000044B000-memory.dmp

      Filesize

      300KB

    • memory/2680-47-0x0000000000400000-0x000000000044B000-memory.dmp

      Filesize

      300KB

    • memory/2680-45-0x0000000000400000-0x000000000044B000-memory.dmp

      Filesize

      300KB

    • memory/2680-77-0x0000000000400000-0x000000000044B000-memory.dmp

      Filesize

      300KB

    • memory/2680-41-0x0000000000400000-0x000000000044B000-memory.dmp

      Filesize

      300KB

    • memory/2680-68-0x0000000003A80000-0x0000000003AEA000-memory.dmp

      Filesize

      424KB

    • memory/2680-58-0x0000000000400000-0x000000000044B000-memory.dmp

      Filesize

      300KB

    • memory/2680-65-0x0000000002940000-0x0000000002950000-memory.dmp

      Filesize

      64KB

    • memory/2680-61-0x0000000000400000-0x000000000044B000-memory.dmp

      Filesize

      300KB

    • memory/2680-60-0x0000000000400000-0x000000000044B000-memory.dmp

      Filesize

      300KB

    • memory/2680-59-0x0000000000400000-0x000000000044B000-memory.dmp

      Filesize

      300KB
